Unfixable “usbliter8” hardware flaw exposes millions of Apple devices to physical attack risks

Khusbakht Bilal

Security researchers at a group called Paradigm Shift have reported a serious hardware-level vulnerability that they describe as affecting a wide range of Apple devices. According to their findings, the issue—referred to as “usbliter8”—is not something that can be resolved through normal software or operating system updates. Instead, it is tied to the underlying hardware design and certain firmware behaviors, meaning that the only permanent way to eliminate the risk would be to replace the affected devices entirely.

The researchers explain that the flaw is connected to the USB controller system used in several Apple chips, specifically the A12, A13, S4, and S5 series. They argue that the vulnerability arises from a mix of physical hardware imperfections and weaknesses in the way the firmware handles USB-related operations. Because of this combination, the problem exists at a very low level of the system, below the operating system layer where typical security patches operate.

To exploit the issue, an attacker would first need physical access to a device and then place it into Device Firmware Update (DFU) mode. Once the device is in this special recovery state, the attacker could send specially crafted data through a USB connection. This data is said to confuse the USB controller, leading to a condition where memory is written to incorrect or unintended locations. Such memory corruption can potentially allow an attacker to execute custom code before the operating system fully starts up, effectively bypassing standard security checks such as signature verification.

If successful, this early-stage control could enable the attacker to modify the system software at a fundamental level. In practical terms, this might allow deeper access to the operating system, potentially undermining many of the built-in protections that normally restrict unauthorized changes. Because the attack occurs before the full boot process completes, it can interfere with mechanisms that are designed to ensure only trusted and verified software runs on the device.

However, the researchers also emphasize an important limitation: the Secure Enclave is not affected by this vulnerability. The Secure Enclave is a dedicated and isolated processor within Apple devices that handles highly sensitive material and operations such as encryption keys, biometric data, and secure authentication processes. Since it operates independently from the main system and has its own security boundaries, it remains protected even if the main system is compromised in this way. As a result, encrypted data like passwords, Face ID or Touch ID credentials, and other sensitive user information is still considered secure.

The affected devices reportedly span a broad range of Apple products: iPhone models such as the XR, XS, XS Max, iPhone 11 series, and iPhone SE; iPad models like the iPad Air 3, iPad mini 5, and iPad 8th and 9th generation; Apple Watch Series 4, Series 5, and Apple Watch SE; the Apple TV 4K second generation; and even the Apple Studio Display.

According to the report, the vulnerability cannot be exploited remotely because it requires physical interaction with the device, particularly access to the hardware and the ability to trigger DFU mode. This means that everyday users are unlikely to be affected through online attacks. However, it does raise concerns in scenarios where a device is physically stolen or handled by an unauthorized person, since that individual could potentially attempt to exploit the flaw given enough time and access.
